Kea DHCP + HA + VLAN

Started by lipa2, August 19, 2025, 03:51:48 PM

Good afternoon, colleagues!

I encountered a problem configuring the Kea DHCP server with HA. I did everything as described on the official OPNsense instructions page. Everything works, but only for one interface or one VLAN. In my case, I have one master server and one backup server, and when we get to the peer configuration step, we are only allowed to create one master/backup peer pair. Let's say my network is 192.168.20.0/24. The master server has the IP address 192.168.20.2. The backup server has 192.168.20.3. And the IP address 192.168.20.1 is virtual for CARP. If we use ISC DHCP, we can specify how many interfaces are needed, the failover IP for them, and everything works without any problems. But Kea DHCP doesn't seem to have this functionality. I tried using the instructions on the forum, but they didn't work at the moment. Does anyone have any thoughts on this? I also have three more pairs of VLANs for which I need to create a peer if I want to use Kea DHCP, but it looks like the functionality doesn't allow me to do that at the moment, which is very strange.

KEA DHCP synchronizes leases via the REST API; the primary and secondary you specify in the configuration are the sockets the services use to communicate with each other.

All leases for all defined subnets are synchronized via this one set of primary/secondary configuration parameters. There is no per-subnet configuration necessary like in ISC DHCP.
Hardware:
DEC740

So you're saying that I don't have to specify the IP addresses of my networks that will be used in DHCP in the peer, right? And I can specify, for example, the pfsync interface, which is used to synchronise configurations between servers? As was done in these steps? (https://forum.opnsense.org/index.php?topic=40614.0) I tried to do that, but DHCP did not work at all, and clients did not receive addresses.

Yes, you just need one sync interface.

If DHCP did not work at all, I assume that the KEA service was not started.

Check the KEA log files for errors.

Check the command

# sockstat -l | grep -i 67

to see which service holds the DHCP port.
Hardware:
DEC740
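
A stricter form of the port check suggested above, as an added example that is not part of the original posts: `grep -i 67` also matches PIDs and other port numbers containing 67, so this filters on the local port field of `sockstat -l` output instead. The sample lines are constructed, and the function names and the process name `kea-dhcp4` are assumptions.

```shell
#!/bin/sh
# Added example. Input is `sockstat -l` text with the FreeBSD column order:
# USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# Constructed sample output (not captured from a real host).
sample_sockstat() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     kea-dhcp4  6712  14 udp4   192.168.20.2:67       *:*
root     kea-dhcp4  6712  15 udp4   192.168.30.2:67       *:*
unbound  unbound    4167  5  udp4   *:53                  *:*
root     syslog-ng  2201  7  udp4   *:6767                *:*
root     sshd       867   3  tcp4   *:22                  *:*
EOF
}

# Print "COMMAND PID LOCAL" for every UDP socket whose local port is exactly 67.
# The port is taken as the text after the last ':' so IPv6 addresses also work.
dhcp_port_holders() {
    awk '$5 ~ /^udp/ {
        n = split($6, part, ":")
        if (part[n] == "67") print $2, $3, $6
    }' | sort -u
}

# Exit status: 0 = only kea-dhcp4 holds udp/67 (assumed process name),
#              1 = nothing is listening, 2 = some other service holds it.
check_dhcp_port() {
    holders=$(dhcp_port_holders | awk '{print $1}' | sort -u)
    case "$holders" in
        "")        echo "nothing listening on udp/67"; return 1 ;;
        kea-dhcp4) echo "kea-dhcp4 holds udp/67"; return 0 ;;
        *)         echo "udp/67 held by:" $holders; return 2 ;;
    esac
}

# Demo on the constructed sample; on the firewall use: sockstat -l | check_dhcp_port
sample_sockstat | check_dhcp_port
```

On the constructed sample the plain `grep -i 67` would return five lines, including the sshd, unbound and syslog-ng sockets, while the filter reports only the two Kea listeners.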

Yes, it really works. Apparently, I configured something incorrectly last time. Thank you very much!